The opinion in support of the decision being entered today was not written 
for publication and is not binding precedent of the Board. 
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JERRY SMITH, Administrative Patent Judge . 

DECISION ON APPEAL 

This is a decision on the appeal under 3 5 U.S.C. § 134 from 
the examiner's rejection of claims 1-5 and 7-14, which constitute 
all the claims pending in the application. 

The disclosed invention pertains to a method for defeating a 
SYN flooding attack in a server unit of an Internet Protocol 
network. A SYN flooding attack is a type of denial of service 
attack which attempts to overwhelm a server with a vast number of 
spurious communications . 
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Representative claim 1 is reproduced as follows: 

1. A method for defeating, in a server unit of an Internet 
Protocol network, a SYN flooding attack, said server unit running 
Transmission Control Protocol to allow the establishment of one 
or more transmission control protocol connections with one or 
more client units, said method comprising the steps of: 

upon having activated the transmission control protocol in 
said server unit, 

listening for the receipt of a SYN message sent from a 
client unit; 

upon receiving said SYN message, 

computing an Initial Sequence number Receiver side, wherein 
said Initial Sequence number Receiver side is embedded with 
connection parameters specified in the SYN message; 

responding to said client unit with a SYN-ACK message 
including said Initial Sequence number Receiver side; 

resuming to said listening step; and 

responsive to receiving an ACK message, determining whether 
to establish a transmission control block for the client unit by- 
evaluating an incremented value of the Initial Sequence number 
Receiver side included in the ACK message. 

The examiner relies on the following reference: 
Denker 5,958,053 Sep. 28, 1999 

Claims 1-5 and 7-14 stand rejected under 35 U.S. C. § 102(e) 
as being anticipated by the disclosure of Denker. 

Rather than repeat the arguments of appellants or the 
examiner, we make reference to the brief and the answer for the 
respective details thereof. 
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OPINION 

We have carefully considered the subject matter on appeal, 
the rejection advanced by the examiner and the evidence of 
anticipation relied upon by the examiner as support for the 
rejection. We have, likewise, reviewed and taken into 
consideration, in reaching our decision, the appellants' 
arguments set forth in the brief along with the examiner's 
rationale in support of the rejection and arguments in rebuttal 
set forth in the examiner's answer. 

It is our view, after consideration of the record before us 
that the disclosure of Denker does fully meet the invention as 
set forth in the claims on appeal . Accordingly, we affirm. 

Anticipation is established only when a single prior art 
reference discloses, expressly or under the principles of 
inherency, each and every element of a claimed invention as well 
as disclosing structure which is capable of performing the 
recited functional limitations. RCA Corp. v. Applied Digital 
Data Systems, Inc. , 730 F.2d 1440, 1444, 221 USPQ 385, 388 (Fed. 
Cir.); cert, dismissed , 468 U.S. 1228 (1984); W.L. Gore and 
Associates, Inc. v. Garlock, Inc. , 721 F.2d 1540, 1554, 220 USPQ 
303, 313 (Fed. Cir. 1983), cert . denied , 469 U.S. 851 (1984). 
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The examiner has indicated how the claimed invention is 
deemed to be anticipated by the disclosure of Denker [answer, 
pages 4-10] . With respect to independent claim 1, appellants 
argue that Denker does not anticipate the claim because Denker 
does not teach the step of "responsive to receiving an ACK 
message, determining whether to establish a transmission control 
block for the client unit by evaluating an incremented value of 
the Initial Sequence number Receiver side included in the ACK 
message." Specifically, appellants argue that the portions of 
Denker cited by the examiner fail to support the examiner's 
findings in support of anticipation [brief, pages 11-15] . The 
examiner responds that the incremented Initial Sequence number is 
a known element of the standard TCP protocol [answer, page 11] . 

We will sustain the examiner's rejection of independent 
claim 1. It appears to us that appellants' arguments are based 
on their position that the TCP2E protocol of Denker does not meet 
the claimed invention, however, we find that the TCP2B protocol 
disclosed in Denker does meet the invention of claim 1. 
Specifically, Denker discloses that the SYN-ACK message includes 
the Initial Sequence number Receiver side [see term "client's 
initial sequence number" of equation 1] . Denker also discloses 
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that the server waits for an ACK message from the client and 
determines whether the ACK message passes a mathematical or 
cryptological test [column 8, line 61 to column 9, line 6] . One 
formula for this test is shown in equation 2 . This equation uses 
the term "(client's sequence number msg3040c -l) . " The term client's 
sequence number msg3040c is the incremented value of the Initial 
Sequence number and the w l" is subtracted in the equation to 
account for this. Thus, the "minus 1" in equation 2 clearly 
indicates that the Sequence number in the ACK message has been 
incremented from the Initial Sequence number Receiver side. 
Therefore, we disagree with appellants' argument that the last 
step of claim 1 is not taught or suggested by Denker. 

With respect to dependent claim 3, appellants argue that 
Denker fails to show the claimed four steps. Specifically, 
appellants argue that the portions of Denker cited by the 
examiner do not show the use of a key as claimed [brief, pages 
15-17] . The examiner responds that the random number in Denker 
is used in the calculation of the encoded value which is used in 
the messages exchanged when establishing the connection [answer, 
page 11] . 

We will sustain the examiner's rejection of dependent claim 
3. The portions of Denker argued by appellants relate to the 
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TCP2E protocol. As noted above, we find that the TCP2B protocol 
of Denker meets the invention of claim 1. Note that equations 1 
and 2 of Denker use the term "random secret" in calculating the 
encoded value. We find that Denker clearly retains the keys for 
evaluating the random secrets used in the exchanged messages of 
Denker . 

With respect to dependent claim 4, appellants argue that 
Denker fails to show the step of claim 4. Specifically, 
appellants argue that the portions of Denker cited by the 
examiner do not show picking a category index as claimed [brief, 
pages 17-18] . The examiner responds that the encoded value in 
Denker includes various parameters including connection 
parameters [answer, page 11] . 

We will sustain the examiner's rejection of dependent claim 
4. Appellants have failed to explain why the connection 
parameters identified by the examiner in Denker do not fall 
within a category index as broadly recited in claim 4 . The mere 
assertion that an element is not taught within a reference 
without any explanation or analysis does not rebut a persuasive 
finding that the element is present. 

With respect to dependent claim 5, appellants argue that 
Denker fails to show the step of claim 5. Specifically, 
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appellants argue that the portions of Denker cited by the 
examiner do not show updating a PRN generator at a maximum rate 
as claimed [brief, pages 18-19] . The examiner responds that the 
rate at which the secret is updated in Denker is in accordance 
with the transmission protocol and not at a maximum rate as 
argued [answer, pages 11-12] . 

We will sustain the examiner's rejection of dependent claim 
5 for the reasons argued by the examiner in the answer. 

With respect to independent claim 7, appellants argue that 
Denker fails to show the last step of claim 7. Specifically, 
appellants argue that the portions of Denker cited by the 
examiner do not show evaluating the Initial Sequence number 
Receiving side and allocating resources in the manner claimed 
[brief, pages 19-21] . The examiner disagrees [answer, page 12] . 

We will sustain the examiner's rejection of independent 
claim 7. Appellants' argument are directed to the TCP2E protocol 
of Denker. As noted above, we rely on the TCP2B protocol of 
Denker. Denker clearly teaches in this protocol that resources 
are not allocated to the connection until the received ACK 
message has been evaluated for authenticity using embedded 
connection parameters. 
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In summary, we have sustained the examiner's rejection of 
argued claims 1, 3, 4, 5 and 7. We also sustain the rejection 
with respect to each of the other claims on appeal because they 
have not been argued. Therefore, the decision of the examiner 
rejecting claims 1-5 and 7-14 is affirmed. 
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No time period for taking any subsequent action in 
connection with this appeal may be extended under 37 CFR 
§ 1.136(a) (1) (iv) (effective September 13, 2004) . 

AFFIRMED 





IETH "WniAIRSTON 
Administrative Patent Judge 



JERRY SMITH 

Administrative Patent Judge 




ALLEN R. MACDONALD 
Administrative Patent Judge 



BOARD OF PATENT 
APPEALS 
AND 

INTERFERENCES 



JS/kis 



Appeal No. 2006-0252 
Application No. 09/755,564 



Page 10 



DUKE W. YEE 
YEE & ASSOCIATES, P.C. 
P. O. BOX 802333 
DALLAS, TX 75380 



